Readers might be aware that many major car companies are being sued in California over deaths allegedly caused by the lack of adequate safeguards for keyless ignition systems.
The suit alleges that 10 of the world’s major car-makers are culpable in 13 carbon monoxide poisoning deaths. Bentley, BMW, Ford, General Motors, Honda, Hyundai, Kia, Mercedes-Benz, Nissan, Toyota and Volkswagen were all named, potentially involving tens of millions of cars.
The lawsuit, filed on behalf of 28 plaintiffs, alleges that the keyless ignition systems fail to provide sufficient warning when a driver exits the vehicle without pushing the ‘engine on/off’ button or equivalent. With the car still running, users are exposed to the deadly gas.
How secure is cyber security?
Regardless of whether or not you think drivers should be responsible for turning their own cars off or noticing when they are still running, the case highlights just one potential pitfall with cyber security systems.
In another case, 13 auto-makers are suing to supress research detailing the vulnerabilities of their keyless systems. Researchers from Radboud University and the University of Birmingham have published a report demonstrating weaknesses in such systems.
In response, a group of manufacturers, including Volkswagen Group of America, Audi, Porsche, Bentley, Lamborghini, Fiat, Honda, Volvo and Maserati, are agitating for their technology to be protected by the Digital Millennium Copyright Act, which would make such research illegal.
Keyless entry systems are supposed to protect vehicles from theft, but sophisticated hackers have shown they can steal a BMW 1M in under three minutes without a sound or an alarm going off.
Security the key to connectivity
With more than 100 million ‘connected’ cars expected to be on the road by 2020, cyber security is a huge issue for drivers, manufacturers and, by extension, Dealers.
Connectivity helps with navigation, music, video streaming and remote control, but it also makes vehicles vulnerable to cyber-attack. Recent research showed that hackers can take control of a vehicle remotely by taking over the steering wheel, accelerator, brakes, ignition switch and more.
If the providers of remote security systems can’t guarantee their integrity, customers will be reluctant to use them, meaning those companies, and possibly Dealers, will miss out on the recurring income from managing them.
It is a massive issue, considering the potential move to driverless cars and intelligent transport systems in the near future.
Privacy, security, autonomy, flexibility
Queensland University of Technology information security expert Dr Ernest Foo presented a paper on the subject at the 2015 Australasian Road Safety Conference on the Gold Coast in October.
The report, titled Security Issues for Future Intelligent Transport Systems, says the potential benefits of connectivity, such as traffic warnings and autonomous vehicles, will not be realised without a secure system to allow the safe transfer of information.
Public key infrastructure is a system used for secure banking transactions and is proposed for automobiles as well, but currently Australia has no guidelines in place regarding the implementation of such a system on our roads. The US and Europe do, but Dr Foo is not impressed.
“The sheer amount of vehicles to be connected poses safety concerns, along with privacy, security and scalability under different traffic scenarios,” he told the conference.
“The proposed systems in the US and Europe are too complex and pose potential risks for security and privacy flaws.
“What we need to be doing in Australia is developing a system that offers an acceptable level of privacy, security and autonomy while being flexible enough to work effectively in a complex environment.”
Dr Foo said that without appropriate levels of security, the public would not accept connected and autonomous vehicles.
The worldwide issue was also addressed at an international conference in Germany in September. It’s something we simply must get right if we are to move into a new age with confidence.